Host isolation, automated response rules, intelligent local caching of events for in depth Incident Response (IR)
as well as some forensic features like dumping memory.

Sensors are designed to limit the potential for abuse resulting from unauthorized access to the LimaCharlie platform.
This is achieved by limited open-ended commands as well as commands that could enable an attacker to
covertly upload malicious software to your hosts. This means the LimaCharlie sensor is extremely powerful
but also keeps its "read-only" qualities on your infrastructure. Of course, all access and interactions with the hosts
are also logged for audit both within the cloud and tamper-proof forwarding to your own infrastructure.

The Detection & Response Rules act as an automation engine. The Detection component is a rule that either matches an event
or not. If the Detection component matches, the Response component of the rule is actioned. This can be used to automatically
investigate, mitigate or apply Tags.

Insight is our built-in data retention and searching. It is included within our 2 sensor free tier as well.

When you enable Insight, we configure everything for you so that you get access to one year of your data for visualization and searching.

You don't have to use the built-in data retention; you can forward data to your infrastructure
directly if you'd like. In general though, it is much simpler and a better experience to use Insight. If you prefer not to use Insight,
go through the next section (Outputs).

LimaCharlie can relay the data somewhere for longer term storage and analysis. Where that data is sent depends on which Outputs
are activated. You can have as many Output modules active as you want, so you can send it to multiple syslog destinations using
the Syslog Output module and then send it to some cold storage over an Scp Output module.

Output is also split between four categories: "event", "detect", "audit" and "deployment". Selecting a Stream when creating an Output
will select the relevant type of data to flow through it.

The API keys are represented as UUIDs. They are linked to your specific organization and enable you to programatically acquire
authorization tokens that can be used on our REST API. See the API Key section for more details.